Task Force Proposes Framework to Fight Ransomware
Ransomware, the “perfect crime” of the Internet age, is spreading rapidly, increasing by some accounts by 150% or more in 2020. There is no sign of slowing down in 2021. The average ransom demanded by attackers has jumped 43% from Q4 2020 to Q1 2021 to $220,298 as threat groups target larger and more vulnerable organizations, from police forces to hospitals to municipal school districts.
Two important factors contribute to the inevitability of ransomware. The first is the ease with which cybercriminals can make money from their ransomware efforts. The second factor that strengthens the ransomware market is the inability of law enforcement or government officials to do anything about these types of attacks.
Recognizing that the ransomware problem has gone from bad to worse, the Justice Department of the Biden administration has launched a task force that would target the entire digital ecosystem supporting ransomware. This task force includes the Criminal, National Security, and Civil Divisions of the Department of Justice, the Federal Bureau of Investigation (FBI), and the Executive Office of U.S. Prosecutors, which supports the nation’s 93 top federal prosecutors.
Today, a coalition of more than 60 volunteer experts from industry, government, law enforcement, insurers, international organizations and other fields proposed a comprehensive framework of 48 actions that government and industry can use to disrupt the ransomware market. The Ransomware Task Force, mainly organized by the Institute for Security and Technology, today released a report titled Combating Ransomware, a Comprehensive Framework for Action: Key Recommendations from the Ransomware Task Force.
Five priority ransomware recommendations stand out
Out of its 48 recommended actions, the task force identified five “priority” recommendations:
- Coordinated international diplomatic and law enforcement efforts must proactively prioritize ransomware through a comprehensive and resourced strategy, including using a carrot and stick approach to deter nation states from providing safe havens to ransomware criminals.
- The United States should lead by example and execute a sustained, aggressive, whole-of-government, intelligence-led anti-ransomware campaign coordinated by the White House. In the United States, this must include:
  - The creation of an inter-agency working group led by the National Security Council (NSC) in coordination with the new national director of cyberspace
  - A joint U.S. government ransomware task force
  - An informal, collaborative focus on ransomware threats, led by the private sector
- Governments should establish cybersecurity response and recovery funds to support the response to ransomware and other cybersecurity activities, require organizations to report ransom payments, and require organizations to consider alternatives before making payments.
- An internationally coordinated effort should be made to develop a clear, accessible and widely adopted framework to help organizations prepare for and respond to ransomware attacks. In some underfunded and more critical sectors, incentives (such as fine relief and funding) or regulation may be needed to promote adoption.
- The cryptocurrency industry that enables ransomware crime should be regulated more tightly. Governments should require cryptocurrency exchanges, crypto kiosks, and over-the-counter (OTC) trading “desks” to comply with existing laws, including Know Your Customer (KYC), anti-money laundering (AML) and combating the financing of terrorism (CFT) laws.
Unlike many other types of cybercrime, ransomware poses a unique threat to national security, putting lives at risk with threats to critical infrastructure, risks to public health, the diversion of vital public resources, loss of data and privacy, and disruption to schools and colleges, according to the report. The economic impact goes beyond the cost of the ransom and includes downtime and corrective actions, which can reach multiples of the absolute dollar amounts requested.
The ransomware problem is compounded by the role of insurance companies, which may inadvertently encourage more attacks by serving as support for organizations hit by ransomware attacks. To this end, the report identifies ways the insurance industry can help, including by imposing basic security requirements for insurability.
The relationship between ransomware and national governments at the forefront
The working group is particularly interested in the relationship between ransomware and national governments. The report notes that “many ransomware criminals operate with impunity because the governments of their countries are unwilling or unable to prosecute this form of crime.” In contrast, in other cases the ransomware attackers are state sponsored.
“We haven’t really focused on the ransomware problem, either as a global community or as an American community, as much as we need to,” Chris Painter, of the Global Forum on Cyber Expertise Foundation Board and one of the Ransomware Task Force co-chairs, tells CSO. “I don’t think we have a good idea of the enormity of the costs. This rises to the level of threats from nation states [such as the recent SolarWinds hack].”
While some developments are underway to help combat the rise in ransomware, they are not enough, says Painter. “There have been a number of good deeds against ransomware and ransomware targets. The removal of Emotet was a recent one, part of the work Europol did through No More Ransom. All of these things are excellent. But we don’t have a concerted approach to this where we really take all the instruments we have both nationally and internationally and combine them to make it a priority and go beyond. If we don’t, it will only get worse.”
The task force’s ultimate goal is to make it difficult for cybercriminals to collect what is now easy money from ransomware attacks. “How can we make it harder for them? We are increasing the cost for these players,” explains Painter. “You are looking at how they make money, cryptocurrency. We are attacking their infrastructure. Operation Emotet was one of them. You toughen the targets and make it less profitable for the ransomware players.”
International targets are key to reducing the attractiveness of ransomware
The international aspect of the working group’s functioning is essential to reduce the attractiveness of ransomware. “There are two sides to this for me,” says Painter, who headed the State Department’s first cybersecurity office under President Obama. “One is to build coalitions with other countries to tackle these actors, which has been done to a certain extent like the withdrawal of Emotet, but developing that and having that strategic international approach there where you prioritize it.”
According to Painter, the second part of the fight against ransomware is to tackle the safe havens of ransomware actors protected by their governments. “I think these shelters fall into two categories. The first is the category of countries that are not doing enough, or perhaps not doing anything at the moment,” he said. “We should be able to work with these countries to do things like joint investigations, capacity building and make them think it’s important.”
“The hardest part is how to deal with countries which encourage it or which certainly have no interest in cooperating. Russia has always been difficult in the past. In the same way we try to respond to Russia when it comes to things like SolarWinds, we have to step up the pressure, we have to use all the tools we have, which could be sanctions, but it could go further.”
Copyright © 2021 IDG Communications, Inc.